From 53a0fa9130493d383d2542622ccdbdd483650bad Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Fri, 17 May 2019 00:46:11 +0300 Subject: [PATCH] LDAPCreate: allow callers to override objectclasses LDAPCreate class explicitly allows use of --setattr/--addattr options to pass-in additional configuration or override some of the framework decisions. However, changes to objectclasses are ignored. We have a number of plugins where additional attributes and their values are generated at creation time. For example, ipa-sidgen plugin generates ipaNTSecurityIdentifier value on LDAP ADD operation when objectclasses include a specific object class and some other attributes (uidNumber, gidNumber) do present in the LDAP mods. Allow to override object-specific LDAP objectclasses by the --setattr/--addattr option values. Related: https://pagure.io/freeipa/issue/7953 Reviewed-By: Christian Heimes --- ipaserver/plugins/baseldap.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ipaserver/plugins/baseldap.py b/ipaserver/plugins/baseldap.py index 9b9eaff17..4fbc231a2 100644 --- a/ipaserver/plugins/baseldap.py +++ b/ipaserver/plugins/baseldap.py @@ -1151,10 +1151,10 @@ class LDAPCreate(BaseLDAPCommand, crud.Create): entry_attrs = ldap.make_entry( dn, self.args_options_2_entry(*keys, **options)) - self.process_attr_options(entry_attrs, None, keys, options) - entry_attrs['objectclass'] = deepcopy(self.obj.object_class) + self.process_attr_options(entry_attrs, None, keys, options) + if self.obj.object_class_config: config = ldap.get_ipa_config() entry_attrs['objectclass'] = config.get(